November 5, 2010

Recently, I had issues with the setup of a public logon page in Sitecore. The setup was very similar to the way that login work in the Intranet solution, e.g.

1. A login.aspx page is created in the project folder
2. Settings are added to the web.config <site> tag: loginPage=”/login.aspx” + requireLogin=”true”
3. The login page either displays a form or is secured in IIS and then gets the AUTH_USER header to login users (if implmenting an AD solution)

The problem is, so it seems, that the latest version of sitecore (6.2) works differently from previous versions as documented here and here. The URL parameters item, user, and site are no longer passed. Furthermore, adding a SecurityResolver pipeline didn’t seem to work any longer.

So in 6.2, when a user cannot be authenticated to access a page, they are simply redirected to /login.aspx without any return URL or other useful information. This makes the situation even worse if you are trying to preview a page from the administration interface – basically every initial request is redirected to /login.aspx, and once authenticated the user is returned to the home page, as the original URL was lost when the user was redirected to /login.aspx.

Things seemed futile until a text search of the various config’s revealed the following setting in the web config:

Changing this setting to “true” now means that the return URL is passed through to /login.aspx as the ‘url’ querystring parameter. You’ll need to modify your login.aspx to look for this parameter and decode the parameter using Server.UrlDecode before redirecting.

This solution is simpler than the previous options available. It’s probably documented somewhere, I just never got a chance to read about it. I hope this is of help to anyone else who may be facing the same issues.